<form name="form_name" action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
<form name="form_name" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="POST">
Compare the two forms tags below:
<form name="form_name" action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
<form name="form_name" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="POST">
